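/*
 * DeleteFileTest - reset the attributes of a fixed log file and then delete it.
 *
 * The routine works in two passes over \Device\HarddiskVolume1\1.LOG:
 *   1. open the file, query its FILE_BASIC_INFORMATION, show the creation
 *      time and attributes on screen, then write the attributes back as
 *      FILE_ATTRIBUTE_NORMAL (this clears flags such as read-only that
 *      would make the later delete fail);
 *   2. reopen the file with DELETE access and mark it for deletion through
 *      FileDispositionInformation; the file goes away when the handle is
 *      closed.
 *
 * The function returns VOID, so failures are not reported to the caller.
 * It stops early when an open fails rather than passing an invalid handle
 * to the following calls.
 *
 * NOTE(review): the path is hard-coded and uses a device name; which disk
 * volume "HarddiskVolume1" refers to depends on the machine -- confirm
 * before running this against a real system.
 */
VOID DeleteFileTest()
{
    char Str[1024] = "";
    ANSI_STRING AS;
    UNICODE_STRING US;
    /* Zeroed so that a failed query never leaves garbage timestamps that
     * would then be written back by ZwSetInformationFile. */
    FILE_BASIC_INFORMATION fbi = {0};
    FILE_DISPOSITION_INFORMATION fpi;
    NTSTATUS ntStatus;
    OBJECT_ATTRIBUTES objectAttributes;
    IO_STATUS_BLOCK iostatus;
    HANDLE hfile = NULL;
    UNICODE_STRING logFileUnicodeString;

    /* Build the UNICODE_STRING that names the target file. */
    RtlInitUnicodeString(&logFileUnicodeString,
                         L"\\Device\\HarddiskVolume1\\1.LOG");

    /* Initialise the object attributes (no flags, no root directory,
     * no security descriptor). */
    InitializeObjectAttributes(&objectAttributes,
                               &logFileUnicodeString,
                               0,
                               NULL,
                               NULL);

    /*
     * Pass 1: open the existing file.  FILE_WRITE_ATTRIBUTES is requested
     * in addition to GENERIC_READ because the handle is also used to set
     * FileBasicInformation below; GENERIC_READ alone does not grant that.
     */
    ntStatus = ZwCreateFile(&hfile,
                            GENERIC_READ | FILE_WRITE_ATTRIBUTES,
                            &objectAttributes,
                            &iostatus,
                            NULL,
                            0,
                            FILE_SHARE_READ,
                            FILE_OPEN,
                            0,
                            NULL,
                            0);
    if (!NT_SUCCESS(ntStatus)) {
        /* Nothing was opened; hfile must not be used or closed. */
        return;
    }

    ntStatus = ZwQueryInformationFile(hfile,
                                      &iostatus,
                                      &fbi,
                                      sizeof(FILE_BASIC_INFORMATION),
                                      FileBasicInformation);
    if (NT_SUCCESS(ntStatus)) {
        /* Show what was read.  The values are only meaningful when the
         * query succeeded, so the display is tied to that status. */
        sprintf(Str, "\n%d---ATTR:%d", fbi.CreationTime.LowPart, fbi.FileAttributes);
        RtlInitAnsiString(&AS, Str);
        /* TRUE makes the routine allocate US.Buffer; release it after use. */
        if (NT_SUCCESS(RtlAnsiStringToUnicodeString(&US, &AS, TRUE))) {
            NtDisplayString(&US);
            RtlFreeUnicodeString(&US);
        }
        NtDelayExecution(0, &g_DelayTime);
    }

    /* Reset the attributes so the file can be deleted.  Best effort: if
     * this fails the delete below is still attempted. */
    fbi.FileAttributes = FILE_ATTRIBUTE_NORMAL;
    ntStatus = ZwSetInformationFile(hfile,
                                    &iostatus,
                                    &fbi,
                                    sizeof(FILE_BASIC_INFORMATION),
                                    FileBasicInformation);
    ZwClose(hfile);
    hfile = NULL;

    /* Pass 2: reopen the existing file with DELETE access. */
    ntStatus = ZwCreateFile(&hfile,
                            DELETE,
                            &objectAttributes,
                            &iostatus,
                            NULL,
                            FILE_ATTRIBUTE_NORMAL,
                            FILE_SHARE_DELETE,
                            FILE_OPEN,
                            0,
                            NULL,
                            0);
    if (!NT_SUCCESS(ntStatus)) {
        return;
    }

    /* The disposition flag has to be set explicitly; left uninitialised,
     * whether the file is deleted would depend on stack contents. */
    fpi.DeleteFile = TRUE;
    ntStatus = ZwSetInformationFile(hfile,
                                    &iostatus,
                                    &fpi,
                                    sizeof(FILE_DISPOSITION_INFORMATION),
                                    FileDispositionInformation);

    /* Closing the handle carries out the pending delete. */
    ZwClose(hfile);
}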